Kitsoft is creating a Security Operations Center (SOC) to strengthen the cybersecurity of government digital solutions in Ukraine. The project is being implemented thanks to grant support from the Seeds of Bravery initiative. We share how the SOC is planned to be implemented and its relevance for the GovTech market.
As a technology partner of the government, Kitsoft not only creates digital services but also ensures their uninterrupted operation, repels, and neutralizes cyberattacks. Over the years, the company's specialists have accumulated deep technological expertise, an understanding of cyber threats, and the need for protecting government institutions. Kitsoft will implement its experience and the best global cybersecurity practices in the Security Operations Center — a centralized system for monitoring, threat analysis, and rapid response.
The project is supported by the Seeds of Bravery consortium, an EU-funded initiative within the framework of the European Innovation Council (EIC), aimed at developing the Ukrainian startup ecosystem and integrating it into the European one.
The consortium selected Kitsoft's proposal to create an automated SOC for government cybersecurity in the category "Scaling and Acceleration in Deep Tech." The startup will receive €50,000 to create and scale the prototype. In total, Seeds of Bravery has selected over 60 Ukrainian startups this year, which will receive funding amounting to €2.2 million.
Rising cyber threats
In 2024, the government's Computer Emergency Response Team (CERT-UA) under the State Special Communications Service processed 4,315 cyber incidents. This is almost 70% more than 2023. The most frequent targets of attackers were local authorities, the government and governmental organizations, the security and defense sector, energy, telecommunications, and Ukraine's critical infrastructure.
Among the most common cyber incidents are malware distribution, phishing attacks, malicious access, account and system compromise. Attackers seek to gain access to sensitive information, destroy data, or disable critical information systems.
Many of these incidents could be prevented through timely threat detection and preventive measures. However, government institutions often face limited resources and a shortage of qualified specialists. This prevents them from effectively monitoring threats in real time and responding quickly to cyber incidents.
How Kitsoft's SOC will work
The Security Operations Center by Kitsoft is a response to these challenges, serving both the services developed by the company and enhancing the security of other GovTech solutions in the market.
In today's conditions, an effective cybersecurity strategy is not just about the ability to repel attacks but also about the continuous search for potential threats. The Security Operations Center by Kitsoft is designed exactly for this: it will provide constant monitoring, threat analysis, and quick response to cyber incidents. This will help government institutions protect their digital services more effectively.
— notes Yaroslav Bezzubets, Head of the Cyber Security Team at Kitsoft.
Image: Yaroslav Bezzubets, Head of the Cyber Security Team at Kitsoft.
Most universal solutions on the market require separate implementation or complex integrations. Instead, SOC by Kitsoft will be optimized specifically for the needs of government services, including the architecture and functional features of the products developed by the company.
The SOC deployment is currently at the stage of active implementation. Within the project, it is planned to create a centralized unit for coordinating cybersecurity measures and promptly addressing threats. Additionally, the team will develop rules and mechanisms for threat notifications and adapt them to the architecture and functionality of the company's products.
As the project leader notes, the key role in the Security Operations Center will be played by security analysts. They will monitor cyber threats, analyze suspicious activities, and respond to incidents according to the developed action plans. Analysts will also collaborate with developers to eliminate vulnerabilities and strengthen infrastructure security, minimizing cyberattack risks.
Key technologies used in Kitsoft's SOC:
SIEM (Security information and event management) — for collecting and analyzing data from various sources.
EDR (Endpoint Detection and Response) — for monitoring endpoints for threats.
IDS/IPS (Intrusion Detection / Prevention System) — for analyzing network traffic and detecting anomalies.
Incident Management Tools — for responding to threats and eliminating vulnerabilities.
The service provides the following advantages for protecting government IT projects:
24/7 monitoring and support: continuous security event tracking and rapid threat response;
Deep expertise in GovTech products: the Kitsoft team has a thorough knowledge of their structure and control points, allowing for more effective vulnerability detection and rapid incident resolution;
Fast implementation and convenience for clients: saves time and resources due to integration with Kitsoft products without the need for complex adaptation;
Comprehensive approach: from preventive risk analysis to constant security system updates;
Continuous development: ongoing improvement of technologies and processes based on feedback and evolving cyber threats.